Is %ASA-4-733100 ever useful?

I've upgraded some old PIXen to ASAs running 9.1(1) in the past few months, and have seen plenty of these:
Apr  8 16:33:32 myasa %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 13 per second, max configured rate is 50; Current average rate is 25 per second, max configured rate is 25; Cumulative total count is 15012
I'm wondering: has this message ever really helped anyone?  It provides no indication which host is causing the drop rate to be exceeded, to which host(s), on which ports, with which protocol, or what specifically was wrong with any of that traffic.  It's like an alarm that says "problem! (maybe) problem! (maybe) problem!"--so generic that it's not helpful.
Even when the same message is produced with an IP address instead of "[ Scanning ]" it's not useful in my experience, for many of the same reasons.  I currently see the message produced with the IP of our VPN server in the brackets, but without some indication of what specifically is making the ASA angry about the traffic to or from the VPN server, that information is of no use to me at all.  I've looked through the available "show threat-detection" information in the wake of these messages but it's  still too general to be of any use.
Is there some way I'm missing to convert these messages into specific, useful, actionable information?
(BTW, I am not asking how to reduce the frequency of %ASA-4-733100 messages; I've already tuned the rates, as you can see.  I'd just like to know if anyone out there has managed to get some use out of them, and if so how.)

Hello Joseph,
I was going to explain to you why this is useful and how you should be careful, but I would say that it is better if I provide you with the best threat-detection documentation available.
Here you go:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080bd3913.shtml
This should answer all of your questions and even more.
Remember to rate all of the helpful posts.
Julio Carvajal
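
The following is an added example, not part of the original thread or of Cisco's documentation: a parser for the %ASA-4-733100 line quoted in the question, reporting which of the two thresholds each event actually crossed and how far the cumulative counter moved between events for the same object. Every sample line except the first is constructed, and 192.0.2.10 is a placeholder address.

```python
import re
from collections import Counter

# Field layout taken from the %ASA-4-733100 line quoted in the question.
PATTERN = re.compile(
    r"(?P<host>\S+) %ASA-4-733100: \[\s*(?P<obj>[^\]]*?)\s*\] "
    r"drop rate-(?P<rate_id>\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, "
    r"max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, "
    r"max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)"
)

def parse_733100(line):
    """Return the message fields as a dict, or None for any other line."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = {k: (v if k in ("host", "obj") else int(v))
           for k, v in m.groupdict().items()}
    # Assumption: the quoted line fired with average == configured max,
    # so a threshold counts as crossed when current >= configured.
    rec["tripped"] = [name for name, cur, cap in (
        ("burst", rec["burst"], rec["burst_max"]),
        ("average", rec["avg"], rec["avg_max"])) if cur >= cap]
    return rec

def summarize(lines):
    """Group events by (host, object, rate id) and track counter growth."""
    out = {}
    for line in lines:
        rec = parse_733100(line)
        if rec is None:
            continue
        key = (rec["host"], rec["obj"], rec["rate_id"])
        s = out.setdefault(key, {"events": 0, "tripped": Counter(),
                                 "first_total": rec["total"]})
        s["events"] += 1
        s["tripped"].update(rec["tripped"])
        s["drops_between"] = rec["total"] - s["first_total"]
    return out

SAMPLE = [
    # First line is the one quoted in the question; the rest are constructed.
    "Apr  8 16:33:32 myasa %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 13 per second, max configured rate is 50; Current average rate is 25 per second, max configured rate is 25; Cumulative total count is 15012",
    "Apr  8 16:38:32 myasa %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 61 per second, max configured rate is 50; Current average rate is 27 per second, max configured rate is 25; Cumulative total count is 23112",
    "Apr  8 16:39:10 myasa %ASA-4-733100: [ 192.0.2.10] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 5 per second, max configured rate is 4; Cumulative total count is 38086",
    "Apr  8 16:40:01 myasa some other syslog line (constructed)",
]

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats["events"], dict(stats["tripped"]),
              stats["drops_between"])
```

The summary shows whether a sustained average or a short burst is driving the alerts for a given object, which tells you what time window to examine in connection and deny logs for the contributing hosts and ports.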

Similar Messages

  • ASA 5505 -Can I use outside dynamic IP for webserver DMZ?

    SETUP
    ASA 5505
    ASA Version 9.1(2)
    ASDM Version 7.1(3)
    I have basic license, using only three vlans (outside, inside, DMZ).
    QUESTION:
    I want to find a way (if possible) to use the single DYNAMIC IP (dhcp'd from ISP) on the "outside" interface, as a means to setup a web-server on the DMZ? I just want to allow my WHS-2011 (server) to talk to microsoft's free DDNS service where my domain name is hosted (ports 80,443,4125).
    So far, every setup option I have tried does not make it past the implicit deny acl's (on the outside interface) to the web-server (DMZ).
    I understand that the VLAN1 (inside) had to be disabled. I understand that objects now replace some of the older NAT'd components.
    CONFIG:
    object network webserver-external-ip
    host <X.X.X.X>
    ! I had set this to match my ISP DHCP address
    object network webserver
    host 172.16.0.2
    nat (DMZ,outside) static webserver-external-ip service tcp www www
    nat (DMZ,outside) static webserver-external-ip service tcp 443 443
    nat (DMZ,outside) static webserver-external-ip service tcp 4125 4125
    access-list outside_acl extended permit tcp any object webserver eq www
    access-list outside_acl_https extended permit tcp any object webserver eq 443
    access-list outside_acl_rww extended permit tcp any object webserver eq 4125
    access-group outside_acl in interface outside
    access-group outside_acl_https in interface outside
    access-group outside_acl_rww in interface outside
    ! added the dns statements below because the cisco doc (below) says it's required or dmz traffic can't get out despite default rule allowing it to do so.
    ! (ctrl-F) ... "all traffic would be blocked from the dmz to hosts on the internet"
    ! http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080bf150c.shtml
    object network dns-server
    host 8.8.8.8
    exit
    access-list dmz_acl extended permit udp any object dns-server eq domain
    access-list dmz_acl extended permit ip any any
    access-group dmz_acl in interface DMZ
    SUMMARY:
    I just want to allow my WHS-2011 (server) to talk to microsoft's free DDNS service where my domain name is hosted (ports 80,443,4125).
    I want to find a way (if possible) to use the single DYNAMIC IP (dhcp'd from ISP) on the "outside" interface, as a means to setup a web-server on the DMZ?
    Other:
    As an interim alternative, I have been able to setup & connect to the ASA using clientless vpn (web-ssl), and from there getting over to my WHS2011 server...-but the problem is, I have no way of knowing, or updating my DDNS once that IP changes since the ASA keeps blocking the return traffic to the outside interface. My only assumption is that because I am using a single dynamic IP (outside interface) that it has nothing to re-direct the traffic to....???
    Thank You for any help you can provide!!
    k/r

    Hi,
    I can't really help with the DDNS portion but I would imagine you already have that sorted out.
    The ASA configurations however seem a bit off to me.
    Here is what you should configure
    STATIC PAT TO HOST SERVICES
    There are some changes that need to be done to both ACL and NAT configurations. First off, the NAT configurations for each port require their own "object network" to be configured.
    Also since you are using a DHCP address from the ISP to act as the NAT address then you can use the keyword/parameter "interface" in the actual "nat" command. This basically tells the ASA that it should use whatever IP address is currently on the "outside" interface of the ASA. So you won't have to configure any separate "object network" for the public IP address every time it changes.
    Also, with regards to the ACL configurations. You should only configure one ACL per interface in the "in" direction. So all the rules you need to configure for traffic inbound from the Internet need to be in the same ACL that you then attach to the "outside" interface with the command "access-group"
    object network WEBSERVER-TCP80
    host 172.16.0.2
    nat (DMZ,outside) static interface service tcp www www
    object network WEBSERVER-TCP443
    host 172.16.0.2
    nat (DMZ,outside) static interface service tcp 443 443
    object network WEBSERVER-TCP4125
    host 172.16.0.2
    nat (DMZ,outside) static interface service tcp 4125 4125
    access-list outside_acl extended permit tcp any object WEBSERVER-TCP80 eq www
    access-list outside_acl extended permit tcp any object WEBSERVER-TCP443 eq https
    access-list outside_acl extended permit tcp any object WEBSERVER-TCP4125 eq 4125
    access-group outside_acl in interface outside
    DYNAMIC PAT FOR LANs and DMZs
    The above NAT configurations only handle the NAT for situations where the remote hosts on the Internet contact your DMZ server.
    If you want to configure Dynamic PAT for all your LAN and DMZ users, which basically enables them to use the "outside" interface public IP address for Internet traffic, then you could configure this single "nat" configuration
    nat (any,outside) after-auto source dynamic any interface
    This would enable Dynamic PAT for all users behind the ASA
    I am not sure if you will run into problems since you are using a single public IP address and trying to forward TCP/443. This port is both used for SSL VPN and ASDM management of the ASA.
    If you want to change the default port of the ASDM management you can use this command
    http server enable
    If you want to change the default port of SSL VPN you can use these commands
    webvpn
    port
    Naturally before doing either of the above changes, make sure that you are not relying on them for management purposes if something was to go wrong. If you have SSH management access to the ASA then it should naturally be ok.
    I am not sure if all of the above are enough to get your setup working but it should be the basics. Naturally if there are still problems after the above suggestions it might be helpful to see the current ASA configurations. For example NAT might not work if the ordering of NAT rules is wrong even though the actual configurations are otherwise valid.
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed
    - Jouni
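
The reply's point that each interface takes one ACL per direction can be checked mechanically. The script below is an added example, not code from the thread: it finds interfaces with more than one `access-group` binding in the same direction and folds the extra ACLs' entries into the first one, as the reply did by hand. The sample input is the ACL portion of the question's configuration, and the script assumes each extra ACL is bound to only one interface.

```python
import re
from collections import defaultdict

ACCESS_GROUP = re.compile(r"^access-group (\S+) (in|out) interface (\S+)$")
ACL_ENTRY = re.compile(r"^access-list (\S+) (.+)$")

def find_conflicts(config_text):
    """Map (interface, direction) -> ACL names where more than one is bound."""
    bound = defaultdict(list)
    for line in map(str.strip, config_text.splitlines()):
        m = ACCESS_GROUP.match(line)
        if m:
            key = (m.group(3), m.group(2))
            if m.group(1) not in bound[key]:
                bound[key].append(m.group(1))
    return {k: v for k, v in bound.items() if len(v) > 1}

def consolidate(config_text):
    """Rewrite entries of the extra ACLs under the first bound ACL name
    and drop the extra access-group lines. Assumes an extra ACL is not
    also bound to a different interface."""
    rename = {}
    for names in find_conflicts(config_text).values():
        for extra in names[1:]:
            rename[extra] = names[0]
    out = []
    for line in map(str.strip, config_text.splitlines()):
        if not line:
            continue
        m = ACCESS_GROUP.match(line)
        if m and m.group(1) in rename:
            continue  # binding of an extra ACL: remove it
        m = ACL_ENTRY.match(line)
        if m and m.group(1) in rename:
            line = f"access-list {rename[m.group(1)]} {m.group(2)}"
        out.append(line)
    return out

# ACL lines copied from the configuration posted in the question.
QUESTION_CONFIG = """
access-list outside_acl extended permit tcp any object webserver eq www
access-list outside_acl_https extended permit tcp any object webserver eq 443
access-list outside_acl_rww extended permit tcp any object webserver eq 4125
access-group outside_acl in interface outside
access-group outside_acl_https in interface outside
access-group outside_acl_rww in interface outside
access-list dmz_acl extended permit udp any object dns-server eq domain
access-list dmz_acl extended permit ip any any
access-group dmz_acl in interface DMZ
"""

if __name__ == "__main__":
    for (iface, direction), names in find_conflicts(QUESTION_CONFIG).items():
        print(f"{iface} {direction}: {len(names)} ACLs bound: {names}")
    print("\n".join(consolidate(QUESTION_CONFIG)))
```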

  • HT5622 I am trying to update the apps on my MacBook with my Apple ID, the one I created long ago when I got my first iPhone. Although when I first got my new MacBook I created a new apple ID with a email address I hardly ever use, and a password I can't r

    Yes, well I ignorantly created a second Apple ID when first setting up my MacBook, and when I go to the "My Purchases" in my Mac App Store, and it shows the apps I've uninstalled, and the apps that are available to update. When I tap on the update icon/text I get a drop down notice, telling me that I have other apps that can be updated using the Apple ID I used to purchase the *apps* in Mac App Store. As far as I am aware I have only used ONE Apple ID to purchase Mac Apps, iPhone Apps, and iTunes. I have tried MANY, MANY times to find my second Apple ID. I've gone through and used every email address I making sure none of them were my second Apple IDs. SO is there any way that I can update my apps using my main apple ID?
    Best Regards,
    Anna Grace Y.

    What are the names of the apps?
    So you are saying that you only ever used the old Apple ID to buy content on the iPhone and the Mac? You never used the new Apple ID to buy content for the Mac?

  • TS3988 iCloud will not accept any passwords after upgrading OS. 2 days of trying every password I have ever used, AND changing Apple ID and iTunes ID, still nothing. Can't backup on iCloud anymore.

    How can I use iCloud again after upgrading OS to Mountain Lion?  2 days of trying every password I have ever used, AND changing Apple ID and iTunes ID, still nothing. Can't backup on iCloud anymore.

    Apple ID's can be used for anything, a single ID can be used for all your accounts (ie iCloud, iTunes, MAS, Apple community etc), ideally this would be the way forward. So far as iTunes goes you need to continue to use the same ID as you have always used or you will lose access to your previous purchases and your iTunes match subscription.
    If you are using a second ID for iCloud, you can continue to do so or use the ID you use for iTunes, but if you choose the latter you will need to move all your calendar, contact etc data to the account using the ID you use for iTunes.
    When (if) you change which account you use you would delete the account on an iOS device and log back in with the correct details, on a mac you would sign out in the iCloud system preference pane.

  • Can't add music my iPhone from iTunes.  When I try to drag a song over to my phone, I get the circle w/ the syncing line through it, but it does not update/load.  [Manually manage music and videos] is checked. And, this is the only Mac I have ever used to

    Can't add music my iPhone from iTunes.
    When I try to drag a song over to my phone, I get the circle w/ the syncing line through it, but it does not update/load.
    [Manually manage music and videos] is checked. And, this is the only Mac I have ever used to add music to my phone.
    Also, just updated the phone's software today, and iTunes' software is already up to date.

    Hi Gregg,
    Have you tried resetting the device (nothing will be lost): Hold down the Home and Power buttons at the same time and continue to hold them down until the Apple appears (up to 30 seconds). Once the Home screen redisplays, see if your Music app is behaving normally.
    Cheers,
    GB

  • Library is full of EVERY pic I have ever used in the program. How do I make them go away?

    Edge Animate no longer functions because my library is full of every picture i have ever used in the program.  Not just in one project file, but ALL the projects.  All the images carry over whenever i start a new animation.  It's so bogged down now that I can't even use the program at all.  I cannot add new content to an existing project.
    -Checked my system requirements
    -Tried to manage in Explorer
    -Looked through the forum questions
    -Had help over the phone-appeared they fixed it, but it still is doing the same thing
    -Went to chat and no one ever responded
    I am at a loss to make this program work. 
    Help

    Here it shows just a portion of my Library.  I open a new project and my library seems to be one continuous entry that stays.  Some of those pics were added after I made this project from a totally different file.  This is a very simple animation of only 8-10 PNG pics that loop.

  • Not really a question, just wanted to share my absolute frustration with the update of iTunes...this is, without a shadow of a doubt THE WORST application i have EVER used, Mac or PC! And that's saying something with the amount of PC dross that's out there

    Not really a question, just wanted to share my absolute frustration with the update of iTunes...this is, without a shadow of a doubt THE WORST application i have EVER used, Mac or PC! And that's saying something with the amount of PC dross that's out there...Apple...PLEASE update and give us back the old version of iTunes...

    Pull down View > Show Sidebar. This will give you back the same functionality of iTunes 10.x.x.

  • I tried transferring my iphoto library from my old macbook onto my new macbook pro (via external hard drive), but when i open the new iphoto, it seems to have transferred ALL images ever used on my old macbook. so i tried to just del

    i tried transferring my iphoto library from my old macbook onto my new macbook pro (via external hard drive), but when i open the new iphoto, it seems to have transferred ALL images ever used on my old macbook. so i tried to just delete all those images so i could try a different approach to transferring, but the new iphoto won't let me do anything and every time i try to delete anything it crashes (since the image amount is so high).  please help!!
    MacBook Pro, OS X Mountain Lion (10.8.2), iphoto '11, version 9.4.2

    To move an iPhoto Library to a new machine:
    Link the two Macs together: there are several ways to do this: Wireless Network, Firewire Target Disk Mode, Ethernet, or even just copy the Library to an external HD and then on to the new machine...
    But however you do choose to link the two machines...
    Simply copy the iPhoto Library from the Pictures Folder on the old Machine to the Pictures Folder on the new Machine.
    Then launch iPhoto. That's it.
    This moves photos, events, albums, books, keywords, slideshows and everything else.

  • I tried transferring my iphoto library from my old macbook onto my new macbook pro, but when i open the new iphoto, it seems to have transferred ALL images ever used on my old macbook.  now iphoto won't let me do anything to fix!!

    i tried transferring my iphoto library from my old macbook onto my new macbook pro (via external hard drive), but when i open the new iphoto, it seems to have transferred ALL images ever used on my old macbook. so i tried to just delete all those images so i could try a different approach to transferring, but the new iphoto won't let me do anything and every time i try to delete anything it crashes (since the image amount is so high).  please help!!

    See http://support.apple.com/kb/HT1229?viewlocale=en_US - I doubt that it will solve your problem, though. You may want to post on the iPhoto forum - that's where all of the iPhoto experts hang out.
    Good luck,
    Clinton

  • Apple App Store Worst On-Line Store I Have Ever Used

    For the first time ever I used the Apple App Store to upgrade my Macbook Pro to OS X Lion, I have only had a Mac for 8 months. I have to say I was surprised and extremely disappointed to find out that it is the worst on-line store I have ever used.
    To start with I couldn't find out how to buy Lion, it is the first store I have ever been into that doesn't have a "Buy" or "Add to Cart" button. After twenty minutes of signing on / off, going out / back in, I discovered that if you click on the price it turns into a "Buy" button. Why not put a message on the screen to tell people to do this? I wonder how many customers they have lost who have just given up and gone elsewhere. Surely if the purpose of the site is to sell it should be obvious how you buy.
    Having discovered this I thought it would be simple but no, you click on the "Buy" button and nothing happens, eventually over a minute later the "Buy" button changed to say "Installing". At no time did I get a message up saying something like "Please wait while we process your order". The site says follow the instructions, no instructions, no messages about download time, where the download would be located, etc, were given.
    After this nothing else happened the only way I knew that the download was happening was that the lights on my router were flashing. I did eventually find that a Lion icon had been put in the dock with a progress bar. When I did find this I then found out that my download was going to take over 26 hours. Don't Apple realise that not everybody lives in towns and cities with superfast broadband. There are lots of people who only have access to normal broadband. The advertising states that there is no need to buy and load CD's. It would be preferable to losing the use of both my PC and Laptop for over 24 hours which is what has effectively happened as using them only extends the download time.
    Another sign of poor service is the fact that a receipt was not sent to me until 14 hours after I made the purchase. Most other on-line stores send this out within an hour of the order being placed.
    This experience means that I will definitely not be using Apple App Store again, if I can't get the software from an alternative source I will do without. It makes me wonder whether or not it was a good idea to convert from a PC.
    ElBeardo 

    Have you looked in your Applications Folder for the App Store.
    If it is truly missing and/or deleted... Go here and Download and Install the 10 7 3 Combo Update
    http://support.apple.com/kb/DL1484
    This is Safe to do... be sure to Restart your computer after the Install.

  • I have Ps CS4.  I run Apple OS X 10.9.5  on a new MacPro 3GHz 8-core Intel Xeon E5 - 64 GB.    I hardly ever use CS4 ( preferring Elements for my low level needs), but I now want to use it's function for stitching together a landscape.  I fire it up and g

    I have Ps CS4.  I run Apple OS X 10.9.5  on a new MacPro 3GHz 8-core Intel Xeon E5 - 64 GB.    I hardly ever use CS4 ( preferring Elements for my low level needs), but I now want to use it's function for stitching together a landscape.  I fire it up and get Error 150:30 with the suggestion to contact you  - hence this message


  • I recently purchased a used ibook g4 and want to update to itunes 10.2. It tells me i need mac os 10.5 to do so. Today is the first day I have ever used a mac and I am not well versed on computers to begin with. What do I need to do?

    I recently purchased a used ibook g4 and i want to update to itunes 10.2. It tells me that I need to update to mac os 10.5.  Today is the first time that I have ever used a mac and I am not very well versed on computers to begin with. From what I gather I need to purchase the mac os 10.5 but there are a lot of different options and I don't know what I need to do. Can somebody point me in the right direction?  I don't want to spend too much money because i just want my ipod touch to be compatible with my ibook. thank you

    Hi
    Your question is more suitable for the 10.4's General Forum rather than 10.4 OSX Server. Post here instead:
    https://discussions.apple.com/community/mac_os/mac_os_x_v10.4_tiger?categoryID=1 77
    You'll have more of a chance of someone responding.
    HTH?
    Tony

  • Is there any way to edit and save an existing spreadsheet file that was not created from my iPad? I get excel spreadsheets emailed to me and would love to edit them on my iPad and not ever use my PC.

    Is there any way to edit and save an existing spreadsheet file that was not created from my iPad? I get excel spreadsheets emailed to me and would love to edit them on my iPad and not ever use my PC.

    Thanks. I tried an app called Office2HD and it does exactly what I need. I can even email my edited file from this app.

  • I have a cd version of Adobe elements 10 for mac and windows , I have only ever used it on windows now I need to load it on to a new mac I have with no cd drive

    I am looking for help, I have bought an imac, and need to put my cd version of Adobe photo elements 10 (which is for windows or mac os) on to my imac. I have only ever used it on my windows pc previously, I'm not wanting to buy a new version so I would like to use this existing Photoshop on my imac.

    Try downloading from the Adobe site and use your serial number:
    Download Photoshop Elements products | 11, 10

  • I restored my ipad but i was unable to activate it because it is asking me for the apple id and password with which i originally set it up. I know the apple id although i do not remember ever using it but i cannot remember the password.

    I restored my ipad but i was unable to activate it because it is asking me for the apple id and password with which i originally set it up. I know the apple id although i do not remember ever using it but i cannot remember the password. I have tried everything from resetting my password to trying different passwords but it asks me for a custom question that i don't remember creating.

    You need to use Apple's iForgot service or contact their Account Security team.